1 /* 2 * Copyright (C) 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 // Framework-side code runs in this namespace. Libs from /vendor partition can't 18 // be loaded in this namespace. 19 20 #include "linkerconfig/common.h" 21 #include "linkerconfig/environment.h" 22 #include "linkerconfig/namespace.h" 23 #include "linkerconfig/namespacebuilder.h" 24 25 using android::linkerconfig::modules::Namespace; 26 27 namespace android { 28 namespace linkerconfig { 29 namespace contents { 30 SetupSystemPermittedPaths(Namespace * ns)31 void SetupSystemPermittedPaths(Namespace* ns) { 32 std::string product = Var("PRODUCT"); 33 std::string system_ext = Var("SYSTEM_EXT"); 34 35 // We can't have entire /system/${LIB} as permitted paths because doing so 36 // makes it possible to load libs in /system/${LIB}/vndk* directories by 37 // their absolute paths, e.g. dlopen("/system/lib/vndk/libbase.so"). VNDK 38 // libs are built with previous versions of Android and thus must not be 39 // loaded into this namespace where libs built with the current version of 40 // Android are loaded. Mixing the two types of libs in the same namespace 41 // can cause unexpected problems. 42 const std::vector<std::string> permitted_paths = { 43 "/system/${LIB}/drm", 44 "/system/${LIB}/extractors", 45 "/system/${LIB}/hw", 46 system_ext + "/${LIB}", 47 48 // These are where odex files are located. libart has to be able to dlopen 49 // the files 50 "/system/framework", 51 52 "/system/app", 53 "/system/priv-app", 54 system_ext + "/framework", 55 system_ext + "/app", 56 system_ext + "/priv-app", 57 "/vendor/framework", 58 "/vendor/app", 59 "/vendor/priv-app", 60 "/system/vendor/framework", 61 "/system/vendor/app", 62 "/system/vendor/priv-app", 63 "/odm/framework", 64 "/odm/app", 65 "/odm/priv-app", 66 "/oem/app", 67 product + "/framework", 68 product + "/app", 69 product + "/priv-app", 70 "/data", 71 "/mnt/expand", 72 "/apex/com.android.runtime/${LIB}/bionic", 73 "/system/${LIB}/bootstrap", 74 }; 75 76 for (const std::string& path : permitted_paths) { 77 ns->AddPermittedPath(path); 78 } 79 if (!android::linkerconfig::modules::IsTreblelizedDevice()) { 80 // System processes can use product libs only if device is not treblelized. 81 ns->AddPermittedPath(product + "/${LIB}"); 82 } 83 } 84 BuildSystemDefaultNamespace(const Context & ctx)85 Namespace BuildSystemDefaultNamespace([[maybe_unused]] const Context& ctx) { 86 bool is_fully_treblelized = 87 android::linkerconfig::modules::IsTreblelizedDevice(); 88 std::string product = Var("PRODUCT"); 89 std::string system_ext = Var("SYSTEM_EXT"); 90 91 // Visible to allow links to be created at runtime, e.g. through 92 // android_link_namespaces in libnativeloader. 93 Namespace ns("default", 94 /*is_isolated=*/is_fully_treblelized, 95 /*is_visible=*/true); 96 97 ns.AddSearchPath("/system/${LIB}"); 98 ns.AddSearchPath(system_ext + "/${LIB}"); 99 if (!is_fully_treblelized) { 100 // System processes can search product libs only if product VNDK is not 101 // enforced. 102 ns.AddSearchPath(product + "/${LIB}"); 103 ns.AddSearchPath("/vendor/${LIB}"); 104 ns.AddSearchPath("/odm/${LIB}"); 105 } 106 107 if (is_fully_treblelized) { 108 SetupSystemPermittedPaths(&ns); 109 } 110 111 ns.AddRequires(ctx.GetSystemRequireLibs()); 112 ns.AddProvides(ctx.GetSystemProvideLibs()); 113 return ns; 114 } 115 116 } // namespace contents 117 } // namespace linkerconfig 118 } // namespace android 119